Code signing is a proven security practice to protect and extend trust based use of software systems and applications.
Companies publishing and consuming software need a secure code signing mechanism to protect code integrity and provide a safe and secure experience for internal and external customers. An unsecured, disconnected, and non-automated process can result in data, access, legal, business, and reputational risks.
Ensuring a secure code signing process requires validating the signing process so that the right code is signed with the right key by the right user, managing the signing keys securely, having easy certificate management and providing an audit trail of all every signing activity.
Often, code signing process is manual in nature and it becomes difficult for developers to manually sign thousands of files per day. Moreover, security of the cryptographic keys and custom integrations with various HSMs poses a difficulty for many security teams.
Aujas code sign is a secure, centralized, automated, and DevOps ready platform that ensures the integrity of software applications, protects the signing keys using cloud HSMs, provides automated audit trails, and combat malware.
Aujas Code Sign Platform Features:
The world's seventh-largest pure-play enterprise software company building a range of software from mainframes to mobile applications needed a robust solution to streamline it's code signing process securely. The company was doing more than 12 million signings in a year. They felt the need to make the code signing process seamlessly easy to use for multiple DevOps team without compromising on security.
By adopting Aujas Code Signing (ACS) platform, they experienced easier CLI integration and the option to submit file signing parallelly. Aujas' solution, which leveraged the microservice-based architecture, was easily extendable and scalable based on the demand.
ACS integrated cloud HSM to secure the keys used for code signing and supported fully automated monitoring & alerting of cloud infrastructure. As a result, the code signing process for the company became far more efficient and secure.
Interested to learn more about the code signing process? Read the Blog